Like many digital services companies we use a 3rd party service provided by google called Firebase. Firebase is an app development platform that helps us build and grow our apps. It is owned by Google and trusted by businesses around the world.
The Service uses the following products from Firebase for its core functionalities:
Furthermore, the Service uses the following Firebase products to monitor the app and improve its quality:
A few Firebase services are only run from US data centers. As a result, these services process data exclusively in the United States:
- Firebase Realtime Database
- Firebase Hosting
- Firebase Authentication
The other Firebase services run on global Google infrastructure. They could process data at any of the Google Cloud Platform locations or Google data center locations.
No, the GDPR does not require EU personal data to stay in the EU.
The transfer of personal data to third countries or international organisations is covered by Articles 44-50 of the Act.
The general principle can be summarised as saying, if you transfer EU personal data out of the EU, you must ensure that this data still enjoys the same level of protection it gets under GDPR.
In other words, the entity or company that you pass the data to outside the EU must be under a legally binding obligation to follow GDPR data protection principles or the equivalent.
We base our GDPR compliance on Google Cloud’s Approach to European Standard Contractual Clauses (SCC), issued on 4 June 2021 by the European Commission. On 21 March 2022, the UK Information Commissioner’s international data transfer addendum (the “UK Addendum”) became effective, enabling the use of EU SCCs in amended form for transfers of personal data under the UK version of the EU GDPR (the “UK GDPR”).
The modernized SCCs apply to us and legitimate the transfer of Customer Personal Data outside of the EU as we have certified that the European Protection Law applies to us and have signed Google's Coud Data Processing Addendum (CDPA).